How to generate an alert and make it look like it came from someone else


<!--[if lt IE 9]>

<![endif]-->


Comments (5)

  1. Ian Smith says:

    Oh man, you lost me at key property..

  2. Love this one Kevin! It would be nice if Microsoft would use this to generate heartbeat alerts on behalf of the Windows Computer or Windows Operating System class instance, instead of using the Health Service Watcher class. Then we don’t have to create Health Service Watcher groups anymore to make heartbeat alerts visible to specific User Scopes based on groups with Windows Computer classes.

  3. Arthur REMY says:

    Great article ! Actually I was looking for this kind of mechanism to answer client needs. Cheers.

  4. sploy says:

    And I’m getting this event alert now:

    An alert couldn’t be inserted to the database. This could have happened because of one of the following reasons:

    – Alert is stale. The alert is generated by an MP recently deleted.
    – Database connectivity problems or database running out of space.
    – Alert received is not valid.

    The following details should help to further diagnose:

    Details: RuleId:5809b8d9-e578-bc39-713b-23e1a7050f87. HealthServiceId:9e252845-969e-d53d-c060-1c6617e5ec07. The INSERT statement conflicted with the FOREIGN KEY constraint “FK_Alert_BaseManagedEntity”. The conflict occurred in database “OpsMgr”, table “dbo.BaseManagedEntity”, column ‘BaseManagedEntityId’.
    The statement has been terminated..

  5. sploy says:

    Hi Kevin. This is very helpful stuff. But, I can’t seem to make it work on my requirement.

    Here’s the story:

    We are planning to purchase Solarwinds NPM. Our only concern is that the alerts in SCOM side only shows the generic alert name – “Orion Active Alerts” and its source is the Server where Solarwinds is installed. What we wanted is (1) Show the actual alert name as seen in the Solarwinds console, and (2) repoint the source to the actual network node from where the alert is coming.

    The solution in your post above is part of the 4 approaches I combined to come up with a Custom Management Pack.

    1. Create powershell discovery based on the network Nodes found by Solarwinds. (OK)
    2. Create an Event and Script Datasource to look for a particular event log. Once found, parse the contents to get NodeName, AlertName and Description for later use in Alert Message. (OK – I created an event log to show when the script was succesful)
    3. Use the solution you posted above, create a GenerateAlertForType to repoint the source of the alert to the actual node. (Can’t confirm if successful)
    4. Use the alert parameters for Dynamic Alert Name and Description. (No alert is showing up in SCOM console)

    I really need your expert opinion on what seems to be the problem with what I’m trying to do.

Skip to main content